Based in Denver, CO, Agile Ideation collects the thoughts and experiences of Ed Schaefer. His posts explore agile and devops related topics as he works to maximize team effectiveness and minimize waste through continuous learning, coaching and empowering teams.

Legislative Trends

Privacy

            Maintaining privacy for individuals has long been a concern of the US government, as the right to privacy is a primary tenant the country was built upon. The number of privacy laws has grown substantially since 1982 primarily as a response to changes in technology (Review of Laws). The Children’s Online Privacy Information Act of 1998 requiring websites to obtain verifiable parental consent to allow children under 13 years of age to use a website that collects personal data. The Computer Security Act providing guidelines for data security and training requirements for governmental computer systems. The Electronic Communications Privacy Act which makes prohibits unauthorized access computers or digital records (Review of Laws).

Law Enforcement

Privacy laws and attempted legislature are, however, marred with numerous issues and concerns. There is a big discrepancy between the desire to maintain security and privacy for customer data, and governmental requests for access to information (Helft, 2011). Legislation has been slow to be updated, meaning that certain electronic mediums, like email, are treated differently than a physical counterpart, like a letter, and different decisions have been made by different courts at different times leading to inconsistencies and a lack of clarity of how organizations can or should comply with requests from law enforcement (Kravets, 2011). This becomes even more challenging as any newly formed laws, or modifications to existing laws, must adhere to the fourth amendment (Kravets, 2011). As technology continues to change and develop, these laws must also be flexible enough to keep up with new forms of communication that may not have been created yet.

Consumer Data

Additional concerns about privacy relate to the tracking and monitoring of consumers by ad agencies and online advertisers. This is a complicated issue as many of the tracking tools available to these types of organizations are not well defined or clearly understood by consumers, the government and privacy advocates. Additionally, there are questions about the use of targeted advertising, especially when used in relation to free web based services. In early 2011 the Obama Administration voiced support to create and enact legislation that would provide “baseline consumer data privacy protections” (Vijayan, 2011). Any legislation used to provide consumer protection in this sense, however, may also impact the governments ability to track or gain access to data in the future, making this more complicated from a political standpoint than simply establishing limitations or requirements for tracking user information.

Even outside of privacy related to advertising, protections for consumer privacy has been gaining ground in the light of recent follies from tech companies. One of the first most prominent examples of this was the 2010 rollout of Buzz by Google, which accidently made public Gmail email and chat lists - basically all Gmail contacts (Carlson, 2010). As a result Google agreed with the FTC to submit to regular third party audits for 20 years (Vaughan-Nichols, 2011). Facebook has also agreed to regular third party auditing of their privacy policies, following numerous complaints when Facebook changed how privacy settings worked. The Federal Trade Commission determined that Facebook changed the privacy status on users items to public without obtaining consent or warning users ahead of time (Sengupta, 2011). Even though both these cases may not have caused substantial harm to customers, things like this are now on legislative radar and it is almost guaranteed there will be more specific laws put into place in the future.

Minors

A final area of privacy that causes many difficulties is that of the protection of children online. Protection of children has always been a high priority for lawmakers, but due to the structure of the internet this is extremely difficult. A high profile example of the difficulty (and failure) of attempting to provide protection for children online occurred in October 1998 when congress passed the Child Online Protection Act (COPA). COPA was designed to attempt to ensure children 13 and under were not exposed to material that was deemed to be “harmful” or “obscene.” It was never enforced, however, due to a series of injunctions that resulted from a lawsuit claiming the law violated free speech, as COPA would have resulted in websites being taken down or restricted, even for adults who had a legal right to obtain the material. Since the internet is more free and open than television or radio, any sort of attempts to restrict access to a particular group are extremely difficult on a broad scale, only through parental oversight and local controls can these steps be taken.

In July 2011 while discussing numerous proposals for online privacy laws, Rep. Anna Eshoo (D-CA) said that protecting children should be one of the first steps, and that laws put on the books many years earlier were insufficient to provide the kind of privacy and protection needed today (Kang, 2011). A “do not track” bill was introduced that would specify rules for web companies about how to deal with data about minors including creating rules requiring companies to inform users how data from teenagers would be use, as well as giving parents the ability to erase data on minors the company may have. Legislation to help protect minors makes sense, and on its face this bill seems reasonable, but there are issues. A minor issue is there may still be some questions about freedom of speech rights for minors if others have the ability to erase information, data or posts created by a minor. More substantially is the difficulty in verifying the age of a user on a particular website. Websites often use age gates, simply asking a user to verify they are at least a certain age to utilize the website. Anyone could simply lie about his or her age to move forward. Any additional requests for verifying identity lead to many privacy of the privacy issues previously discussed. Any legislation on this topic will have to be very specific to help protect a web company when a minor signs up and lies about their age, in order for any bill, including the one suggested, to be effective or useful.

Role Play

Defense in Depth